Pages

About us

H4xOrin' T3h WOrLd

Sunny Kumar is a computer geek and technology blogger. He is a founder and editor of H4xOrin’ T3h WOrLd web-site. Always passionate about Ethical Hacking, Penetration Testing of Web applications, security, gadgets and ev-erything to go with it.His goal of life is to raise the awareness of Information Security, which is nowadays is the key to a successful business.

Cisco switches to weaker hashing scheme, passwords cracked wide open

Password cracking experts have reversed a secret cryptographic formula recently added to Cisco devices. Ironically, the encryption type 4 algorithm
leaves users considerably more susceptible to password cracking than an
older alternative, even though the new routine was intended to enhance
protections already in place.
It turns out that Cisco's new method for converting passwords into
one-way hashes uses a single iteration of the SHA256 function with no
cryptographic salt. The revelation came as a shock to many security
experts because the technique requires little time and computing
resources. As a result, relatively inexpensive computers used by
crackers can try a dizzying number of guesses when attempting to guess
the corresponding plain-text password. For instance, a system outfitted
with two AMD Radeon 6990 graphics cards
that run a soon-to-be-released version of the Hashcat password cracking
program can cycle through more than 2.8 billion candidate passwords
each second.
By contrast, the type 5 algorithm the new scheme was intended to
replace used 1,000 iterations of the MD5 hash function. The large number
of repetitions forces cracking programs to work more slowly and makes
the process more costly to attackers. Even more important, the older
function added randomly generated cryptographic "salt" to each password,
preventing crackers from tackling large numbers of hashes at once.
"In my eyes, for such an important company, this is a big fail," Jens Steube, the creator of ocl-Hashcat-plus
said of the discovery he and beta tester Philipp Schmidt made last
week. "Nowadays everyone in the security/crypto/hash scene knows that
password hashes should be salted, at least. By not salting the hashes we
can crack all the hashes at once with full speed."
Cisco officials acknowledged the password weakness in an advisory published Monday.
The bulletin didn't specify the specific Cisco products that use the
new algorithm except to say that they ran "Cisco IOS and Cisco IOS XE
releases based on the Cisco IOS 15 code base." It warned that devices
that support Type 4 passwords lose the capacity to create more secure
Type 5 passwords. It also said "backward compatibility problems may
arise when downgrading from a device running" the latest version.
The advisory said that Type 4 protection was designed to use the Password-Based Key Derivation Function version 2 standard to SHA256 hash passwords 1,000 times. It was also designed to append a random 80-bit salt to each password.
"Due to an implementation issue, the Type 4 password algorithm does not use PBKDF2 and does not use
a salt, but instead performs a single iteration of SHA256 over the
user-provided plaintext password," the Cisco advisory stated. "This
approach causes a Type 4 password to be less resilient to brute-force
attacks than a Type 5 password of equivalent complexity."
The weakness threatens anyone whose router configuration data may be
exposed in an online breach. Rather than store passwords in clear text,
the algorithm is intended to store passwords as a one-way hash that can
only be reversed by guessing the plaintext that generated it. The risk
is exacerbated by the growing practice of including configuration data
in online forums. Steube found the hash
"luSeObEBqS7m7Ux97dU4qPfW4iArF8KZI2sQnuwGcoU" posted here and had little trouble cracking it. (Ars isn't publishing the password in case it's still being used to secure the Cisco gear.)
While Steube and Schmidt reversed the Type 4 scheme, word of the
weakness they uncovered recently leaked into other password cracking
forums. An e-mail posted on Saturday to a group dedicated to the John the Ripper password cracker,
for instance, noted that the secret to the Type 4 password scheme "is
it's base64 SHA256 with character set
'./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'."
Armed with this knowledge, crackers have everything they need to crack
hundreds of thousands, or even millions, of hashes in a matter of hours.
It's hard to fathom an implementation error of this magnitude being
discovered only after the new hashing mechanism went live. The good news
is that Cisco is openly disclosing the weakness early in its life
cycle. Ars strongly recommends that users consider the pros and cons
before upgrading their Cisco gear.